crimsonrat | f57b75f9a8011bc2f574388d79cbbb75a09cb56b3598bf1d2cc11f26b01f76f6 | Triage

Submit
Reports

Overview

overview

Static

static

1

.html

windows11-21h2-x64

Sharing

General

Target

.
Size

146KB
Sample

240401-hg8enafh2s
MD5

9602cce3290d442ff57b8defb95bb82c
SHA1

46b40c8ad2b8d5a36719805f12b40389120ed425
SHA256

f57b75f9a8011bc2f574388d79cbbb75a09cb56b3598bf1d2cc11f26b01f76f6
SHA512

b6c765abf9a3f9abe61da82a87012a6f67999e4f96063b2781de67f95ca638633eedd545ddbea7b6f245188128825a685852c683987e995fd277607037fe9407
SSDEEP

1536:omkyd8LFVMUK4DgnVR4DBllKoVkL30vD9329s4D+HhqiE:1kzLFoVsllXmxYHhqiE

Score

10^/10

crimsonrat rat

Static task

static1

Behavioral task

behavioral1

Sample

.html

Resource

win11-20240221-en

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

crimsonrat

C2

185.136.161.124

Targets

- Target
  
  .
- Size
  
  146KB
- MD5
  
  9602cce3290d442ff57b8defb95bb82c
- SHA1
  
  46b40c8ad2b8d5a36719805f12b40389120ed425
- SHA256
  
  f57b75f9a8011bc2f574388d79cbbb75a09cb56b3598bf1d2cc11f26b01f76f6
- SHA512
  
  b6c765abf9a3f9abe61da82a87012a6f67999e4f96063b2781de67f95ca638633eedd545ddbea7b6f245188128825a685852c683987e995fd277607037fe9407
- SSDEEP
  
  1536:omkyd8LFVMUK4DgnVR4DBllKoVkL30vD9329s4D+HhqiE:1kzLFoVsllXmxYHhqiE
Score

10^/10

crimsonrat rat
- CrimsonRAT main payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy